T Commands

This chapter describes the Cisco Nexus 1000V commands that begin with the letter T.

table-map

To create or modify a QoS table map, use the
table-map
command. To remove the table map, use the
no
form of this command.

table-map
table-map-name

no
table-map
table-map-name

Syntax Description

table-map-name

Specify the table map name.

Defaults

None

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release

Modification

4.0(4)SV1(1)

This command was introduced.

Usage Guidelines

Examples

This example shows how to create or access the my_table1 table map for configuration:

n1000v# configure terminal

n1000v(config)# table-map my_table1

n1000v(config-tmap)#

This example shows how to remove the my_table1 table map:

n1000v(config)# no table-map my_table1

n1000v(config)#

Related Commands

Command

Description

from src to dest

Maps input field values to output field values in a QoS table map.

show table-map

Displays table maps.

policy-map

Creates and configures QoS policy maps.

class-map

Creates or modifies a QoS class map that defines a class of traffic.

tacacs+ enable

To enable TACACS+, use the
tacacs+ enable
command. To disable TACACS+, use the
no
form of this command.

tacacs+
enable

no
tacacs+
enable

Syntax Description

This command has no arguments or keywords.

Defaults

None

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release

Modification

4.0(4)SV1(1)

This command was introduced.

Examples

This example shows how to enable TACACS+:

n1000v(config)# tacacs+ enable

n1000v(config)#

This example shows how to disable TACACS+:

n1000v(config)# notacacs+ enable

n1000v(config)#

Related Commands

Command

Description

tacacs-server key

Designates the global key shared between the Cisco Nexus 1000V and the TACACS+ server hosts.

tacacs-server host

Designates the key shared between the Cisco Nexus 1000V and this specific TACACS+ server host.

show tacacs-server

Displays the TACACS+ server configuration.

tacacs-server deadtime

To set a periodic time interval where a nonreachable (nonresponsive) TACACS+ server is monitored for responsiveness, use the
tacacs-server deadtime
command. To disable the monitoring of the nonresponsive TACACS+ server, use the
no
form of this command.

tacacs
-server deadtime
minutes

no
tacacs
-server deadtime
minutes

Syntax Description

time

Specifies the time interval in minutes. The range is from 1 to 1440.

Defaults

0 minutes

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release

Modification

4.0(4)SV1(1)

This command was introduced.

Usage Guidelines

Setting the time interval to zero disables the timer. If the dead-time interval for an individual TACACS+ server is greater than zero (0), that value takes precedence over the value set for the server group.

When the dead-time interval is 0 minutes, TACACS+ server monitoring is not performed unless the TACACS+ server is part of a server group and the dead-time interval for the group is greater than 0 minutes.

In global configuration mode, you must first enable the TACACS+ feature, using the
tacacs+ enable
command, before you can use any of the other TACACS+ commands to configure the feature.

Examples

This example shows how to configure the dead-time interval and enable periodic monitoring:

n1000v# config terminal

n1000v(config)# tacacs-server deadtime 10

This example shows how to revert to the default dead-time interval and disable periodic monitoring:

n1000v# config terminal

n1000v(config)# no tacacs-server deadtime 10

Related Commands

Command

Description

deadtime

Sets a dead-time interval for monitoring a nonresponsive TACACS+ server.

show tacacs-server

Displays TACACS+ server information.

tacacs+ enable

Enables TACACS+.

tacacs-server directed-request

To allow users to send authentication requests to a specific TACACS+ server when logging in, use the
radius-server directed request
command. To revert to the default, use the
no
form of this command.

tacacs
-server directed-request

no
tacacs
-server directed-request

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release

Modification

4.0(4)SV1(1)

This command was introduced.

Usage Guidelines

In global configuration mode, you must first enable the TACACS+ feature, using the
tacacs+ enable
command, before you can use any of the other TACACS+ commands to configure the feature.

The user can specify the
username@vrfname
:
hostname
during login, where vrfname is the virtual routing and forwarding (VRF) name to use and hostname is the name of a configured TACACS+ server. The username is sent to the server name for authentication.

Note If you enable the directed-request option, the NX-OS device uses only the RADIUS method for authentication and not the default local method.

Examples

This example shows how to allow users to send authentication requests to a specific TACACS+ server when logging in:

n1000v# config t

n1000v(config)# tacacs-server directed-request

This example shows how to disallow users to send authentication requests to a specific TACACS+ server when logging in:

n1000v# config t

n1000v(config)# no tacacs-server directed-request

Related Commands

Command

Description

show tacacs-server directed request

Displays a directed request TACACS+ server configuration.

tacacs+ enable

Enables TACACS+.

tacacs-server host

To configure TACACS+ server host parameters, use the
tacacs-server host
command in configuration mode. To revert to the defaults, use the
no
form of this command.

(Optional) Specifies the time interval (in minutes) for monitoring the server. The time range is 1 to 1440 minutes.

password
password

(Optional) Specifies a user password in the test packets. The password is alphanumeric, case sensitive, and has a maximum of 32 characters.

username
name

(Optional) Specifies a user name in the test packets. The username is alphanumeric, case sensitive, and has a maximum of 32 characters.

timeout
seconds

(Optional) Configures a TACACS+ server timeout period (in seconds) between retransmissions to the TACACS+ server. The range is from 1 to 60 seconds.

Defaults

Parameter

Default

Idle-time

disabled

Server monitoring

disabled

Timeout

1 seconds

Test username

test

Test password

test

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release

Modification

4.0(4)SV1(1)

This command was introduced.

Usage Guidelines

You must use the
tacacs+ enable
command before you configure TACACS+.

When the idle time interval is 0 minutes, periodic TACACS+ server monitoring is not performed.

Examples

This example shows how to configure TACACS+ server host parameters:

n1000v# config terminal

n1000v(config)# tacacs-server host 10.10.2.3 key HostKey

n1000v(config)# tacacs-server host tacacs2 key 0 abcd

n1000v(config)# tacacs-server host tacacs3 key 7 1234

n1000v(config)# tacacs-server host 10.10.2.3 test idle-time 10

n1000v(config)# tacacs-server host 10.10.2.3 test username tester

n1000v(config)# tacacs-server host 10.10.2.3 test password 2B9ka5

Related Commands

Command

Description

show tacacs-server

Displays TACACS+ server information.

tacacs+ enable

Enables TACACS+.

tacacs-server key

To configure a global TACACS+ shared secret key, use the
tacacs-server key
command. To removed a configured shared secret, use the
no
form of this command.

tacacs-server key
[
0
|
7
]
shared-secret

no
tacacs-server key
[
0
|
7
]
shared-secret

Syntax Description

0

(Optional) Configures a preshared key specified in clear text to authenticate communication between the TACACS+ client and server. This is the default.

7

(Optional) Configures a preshared key specified in encrypted text to authenticate communication between the TACACS+ client and server.

shared-secret

Preshared key to authenticate communication between the TACACS+ client and server. The preshared key is alphanumeric, case sensitive, and has a maximum of 63 characters.

Defaults

None

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release

Modification

4.0(4)SV1(1)

This command was introduced.

Usage Guidelines

You must configure the TACACS+ preshared key to authenticate the device on the TACACS+ server. The length of the key is restricted to 63 characters and can include any printable ASCII characters (white spaces are not allowed). You can configure a global key to be used for all TACACS+ server configurations on the device. You can override this global key assignment by using the
key
keyword in the
tacacs-server host
command.

You must use the
tacacs+ enable
command before you configure TACACS+.

Examples

The following example shows how to configure TACACS+ server shared keys:

n1000v# config terminal

n1000v(config)# tacacs-server key AnyWord

n1000v(config)# tacacs-server key 0 AnyWord

n1000v(config)# tacacs-server key 7 public

Related Commands

Command

Description

show tacacs-server

Displays TACACS+ server information.

tacacs+ enable

Enables TACACS+.

tacacs-server timeout

To specify the time between retransmissions to the TACACS+ servers, use the
tacacs-server timeout
command. To revert to the default, use the
no
form of this command.

tacacs-server timeout
seconds

no tacacs-server timeout
seconds

Syntax Description

seconds

Seconds between retransmissions to the TACACS+ server. The range is from 1 to 60 seconds.

Defaults

5 seconds

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release

Modification

4.0(4)SV1(1)

This command was introduced.

Usage Guidelines

You must use the
tacacs+ enable
command before you configure TACACS+.

Examples

This example shows how to configure the TACACS+ server timeout value:

n1000v# config terminal

n1000v(config)# tacacs-server timeout 3

This example shows how to revert to the default TACACS+ server timeout value:

Related Commands

track network-state enable

To enable Network State Tracking for all VEMs configured with a vPC-HM port-profile , use the
track network-state enable
command. To disable Network State Tracking, use the
no
form of this command.

track network-state enable

no
track network-state

Syntax Description

This command has no arguments or keywords.

Defaults

disabled

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release

Modification

4.2(1)SV1(4)

This command was introduced.

Usage Guidelines

Examples

This example shows how to enable Network State Tracking for all VEMs configured with a vPC-HM port-profile:

n1000v# config t

n1000v(config)# track network-state enable

n1000v(config)#

This example shows how to disable Network State Tracking:

n1000v(config)# no track network-state

n1000v(config)#

Related Commands

Command

Description

show network-state tracking config

Displays the Network State Tracking configuration for verification.

show
network
-
state tracking
{
module
modID
|
interface
channelID
}

Displays the Network State Tracking status for a module or interface.

track network-state interval

To specify an interval of time, from 1 to 10 seconds, between which Network State Tracking broadcasts are sent to pinpoint link failure on a port channel configured for vPC-HM, use the
track network-state interval
command. To remove the configured interval, use the
no
form of this command.

track network-state interval
intv

no
track network-state interval

Syntax Description

intv

Broadcast interval (from 1 to 10 seconds). The default is 5 seconds.

Defaults

5 seconds

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release

Modification

4.2(1)SV1(4)

This command was introduced.

Usage Guidelines

Examples

This example shows how to specify an interval for sending broadcasts:

n1000v(config)# track network-state interval 8

n1000v(config)#

This example shows how to remove the broadcast interval configuration:

n1000v(config)# no track network-state interval

n1000v(config)#

Related Commands

Command

Description

show network-state tracking

Displays the Network State Tracking status for a module or interface.

show network-state tracking config

Displays the Network State Tracking configuration for verification.

tracking enable

Enables Network State Tracking for all VEMs configured with a vPC-HM port-profile.

track network-state threshold miss-count

To specify the maximum number of Network State Tracking broadcasts that can be missed consecutively before a split network is declared, use the
track network-state threshold miss-count
command. To remove the configuration, use the
no
form of this command.

track network-state threshold
miss-count
count

no
track network-state threshold
miss-count

Syntax Description

count

Specifies the number of Network State Tracking broadcasts that can be missed from 3 to 7. The default is 5.

Defaults

5 missed broadcasts

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release

Modification

4.2(1)SV1(4)

This command was introduced.

Usage Guidelines

Examples

This example shows how to configure the maximum number of Network State Tracking broadcasts that can be missed:

n1000v# config t

n1000v(config)# network-state tracking threshold miss-count 7

n1000v(config)#

This example shows how to remove the configuration:

n1000v(config)# no network-state tracking threshold miss-count

n1000v(config)#

Related Commands

Command

Description

show network-state tracking

Displays the Network State Tracking status for a module or interface.

show network-state tracking config

Displays the Network State Tracking configuration for verification.

tracking enable

Enables Network State Tracking for all VEMs configured with a vPC-HM port-profile.

track network-state split action

To specify the action to take if a split network is detected by Network State Tracking, use the
track network-state split action
command. To remove the configuration, use the
no
form of this command.

track network-state split action

no
track network-state split action

Syntax Description

repin

If a split network is detected by Network State Tracking, the traffic is pinned to another uplink. (the default)

log-only

If a split network is detected by Network State Tracking, traffic is not repinned, and system messages are logged only.

Defaults

repin

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release

Modification

4.2(1)SV1(4)

This command was introduced.

Usage Guidelines

Examples

This example shows how to specify the action to take if Network State Tracking detects a split network:

n1000v# config t

n1000v(config)#
track network-state split action
repin

n1000v(config)#

This example shows how to remove the configuration:

n1000v(config)# no track network-state split action repin

n1000v(config)#

Related Commands

Command

Description

show network-state tracking

Displays the Network State Tracking status for a module or interface.

show network-state tracking config

Displays the Network State Tracking configuration for verification.

tracking enable

Enables Network State Tracking for all VEMs configured with a vPC-HM port-profile.

traceroute

To discover the routes that packets take when traveling to an IPv4 address, use the
traceroute
command.